Shulou(Shulou.com)06/03 Report--

This article mainly explains "how to solve the problem of not uploading files caused by the is_uploaded_file function". The content of the explanation in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn "how to solve the problem of not uploading files caused by the is_uploaded_file function".

Cause:

In one project, received feedback from users that all of its customers could not upload files, and all failed. After investigation, it is found that it is the is_uploaded_file function in PHP that is playing tricks.

Detailed analysis:

Under normal circumstances, uploading a file through PHP requires the is_uploaded_file function to determine whether the file was uploaded through HTTP POST, which can be used to ensure that malicious users cannot trick scripts into accessing files that cannot be accessed otherwise, such as / etc/passwd.

The problem encountered this time is that what should have been a tmp_name like C:/WINDOWS/Temp/php99.tmp has become a C://WINDOWS / / Temp//php99.tmp, causing the is_uploaded_file function to return an error message.

Handling method:

After adding the following code, the problem is solved.

$file ['tmp_name'] = str_replace (' /','/ /', $file ['tmp_name'])

Note that the "/" actual string is two /, and the other two are used to represent the escape.

Further study:

Why does this happen in a specific environment of dictation? let's take a look at the following analysis:

; Magic quotes for incoming GET/POST/Cookie data.

Magic_quotes_gpc = On

In the default configuration of PHP, magic_quotes_gpc is On, and PHP environments with the magic_quotes_gpc parameter turned on automatically add addslashes effects to GET/POST / Cookie. Note that the addslashes effect is not added to $_ FILES.

When magic_quotes_gpc is Off, there is a problem because the addslashes function is added to the $_ FILES array. This problem occurs in PHP environments where magic_quotes_gpc is Off.

By the way, the MooPHP code on SVN has fixed this problem.

Is_uploaded_file function parsing:

Determine whether the file was uploaded through HTTP POST

Bool is_uploaded_file (string $filename)

Returns TRUE if the file given by filename is uploaded through HTTP POST. This can be used to ensure that malicious users cannot trick scripts into accessing files that would not otherwise be accessible, such as / etc/passwd. This check is particularly important if the uploaded file is likely to cause its content to be displayed to users or other users of the system.

In order for the is_uploaded_file () function to work properly, the required section specifies a variable like $_ FILES ['userfile'] [' tmp_name'], but the file name $_ FILES ['userfile'] [' name'] uploaded from the client does not work properly.

Thank you for your reading, the above is the content of "how to solve the problem of not uploading files caused by is_uploaded_file function". After the study of this article, I believe you have a deeper understanding of how to solve the problem that files cannot be uploaded caused by is_uploaded_file function. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.